fail2ban

Controls fail2ban server and rules

Alkivi

alkivi

9,488 downloads

8,715 latest version

3.6 quality score

Version information

  • 0.0.4 (latest)
  • 0.0.2
  • 0.0.1
released Sep 24th 2014

Start using this module

Documentation

alkivi/fail2ban — version 0.0.4 Sep 24th 2014

Fail2ban Module

This module will install and configure a fail2ban server and allow you to add other rules

Usage

Minimal server configuration

class { 'fail2ban': }

This will do the typical install, configure and service management.

More server configuration

class { 'fail2ban'
  ignoreip   = ['127.0.0.1/8'],
  bantime    = 600,
  maxretry   = 3,
  backend    = 'auto',
  destemail  = 'root@localhost',
  banaction  = 'iptables-multiport',
  mta        = 'sendmail',
  protocol   = 'tcp',
  chain      = 'INPUT',
  action_    = '%(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]',
  action_mw  = '%(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]',
  action_mwl = '%(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
              %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]',
  action     = '%(action_mwl)s',
  motd       = true,
}

Rules configuration

fail2ban::section{ 'apache':
    content => "enabled  = true
port     = http,https
filter   = apache-auth
logpath  = '/var/log/apache/*.log'
maxretry = 6"
}

Limitations

  • This module has been tested on Debian Wheezy, Squeeze.

License

All the code is freely distributable under the terms of the LGPLv3 license.

Contact

Need help ? contact@alkivi.fr

Support

Please log tickets and issues at our Github